rpms / mod_auth_kerb

Clone
Source Code
GIT

Files

c4 c5 c5-plus c6 c6-plus c7 c7-beta
  1.   c7
  2.   SPECS
  3.   mod_auth_kerb.spec
Blob Blame History Raw 
%{!?_httpd_apxs:       %{expand: %%global _httpd_apxs       %%{_sbindir}/apxs}}
%{!?_httpd_mmn:        %{expand: %%global _httpd_mmn        %%(cat %{_includedir}/httpd/.mmn 2>/dev/null || echo missing-httpd-devel)}}
%{!?_httpd_confdir:    %{expand: %%global _httpd_confdir    %%{_sysconfdir}/httpd/conf.d}}
# /etc/httpd/conf.d with httpd < 2.4 and defined as /etc/httpd/conf.modules.d with httpd >= 2.4
%{!?_httpd_modconfdir: %{expand: %%global _httpd_modconfdir %%{_sysconfdir}/httpd/conf.d}}
%{!?_httpd_moddir:    %{expand: %%global _httpd_moddir    %%{_libdir}/httpd/modules}}

Summary: Kerberos authentication module for HTTP
Name: mod_auth_kerb
Version: 5.4
Release: 28%{?dist}
# src/mod_auth_kerb.c is under 3-clause BSD, ASL 2.0 code is patched in (-s4u2proxy.patch)
# src/mit-internals.h contains MIT-licensed code.
License: BSD and MIT and ASL 2.0
Group: System Environment/Daemons
URL: http://modauthkerb.sourceforge.net/
Source0: http://downloads.sourceforge.net/modauthkerb/%{name}-%{version}.tar.gz
Source1: auth_kerb.conf
Source2: LICENSE.ASL
Patch1: mod_auth_kerb-5.4-rcopshack.patch
Patch2: mod_auth_kerb-5.4-fixes.patch
Patch3: mod_auth_kerb-5.4-s4u2proxy.patch
Patch4: mod_auth_kerb-5.4-httpd24.patch
Patch5: mod_auth_kerb-5.4-delegation.patch
Patch6: mod_auth_kerb-5.4-cachedir.patch
Patch7: mod_auth_kerb-5.4-longuser.patch
Patch8: mod_auth_kerb-5.4-expired.patch
BuildRequires: httpd-devel, krb5-devel
Requires: httpd-mmn = %{_httpd_mmn}
Requires(pre): httpd

# Suppres auto-provides for module DSO
%{?filter_provides_in: %filter_provides_in %{_libdir}/httpd/modules/.*\.so$}
%{?filter_setup}

%description
mod_auth_kerb is module for the Apache HTTP Server designed to
provide Kerberos authentication over HTTP.  The module supports the
Negotiate authentication method, which performs full Kerberos
authentication based on ticket exchanges.

%prep
%setup -q -n %{name}-%{version}
%patch1 -p1 -b .rcopshack
%patch2 -p1 -b .fixes
%patch3 -p1 -b .s4u2proxy
%patch4 -p1 -b .httpd24
%patch5 -p1 -b .delegation
%patch6 -p1 -b .cachedir
%patch7 -p1 -b .longuser
%patch8 -p1 -b .expired

%build
export APXS=%{_httpd_apxs}
%configure --without-krb4 --with-krb5=%{_prefix}
make %{?_smp_mflags} 

%install
rm -rf $RPM_BUILD_ROOT
install -Dm 755 src/.libs/mod_auth_kerb.so \
        $RPM_BUILD_ROOT%{_httpd_moddir}/mod_auth_kerb.so

%if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"
# httpd >= 2.4.x
sed -n /^LoadModule/p %{SOURCE1} > 10-auth_kerb.conf
sed '/LoadModule/d;/Location /,/Location>/s,^#,,' %{SOURCE1} > example.conf
install -Dp -m 0644 10-auth_kerb.conf $RPM_BUILD_ROOT%{_httpd_modconfdir}/10-auth_kerb.conf
%else
# httpd <= 2.2.x
install -Dp -m 0644 %{SOURCE1} $RPM_BUILD_ROOT%{_httpd_confdir}/auth_kerb.conf
%endif

# Credentials cache
mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d
echo 'd /run/httpd/krbcache 700 apache apache' \
     > $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/httpd-krbcache.conf
mkdir -p $RPM_BUILD_ROOT/run/httpd/krbcache

# Copy the license files here so we can include them in %doc
cp -p %{SOURCE2} .

%files
%doc README LICENSE LICENSE.ASL
%config(noreplace) %{_httpd_modconfdir}/*.conf
%if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"
%doc example.conf
%endif
%{_httpd_moddir}/*.so
%{_prefix}/lib/tmpfiles.d/httpd-krbcache.conf
%attr(0700,apache,apache) %dir /run/httpd/krbcache

%changelog
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 5.4-28
- Mass rebuild 2014-01-24

* Mon Jan 13 2014 Joe Orton <jorton@redhat.com> - 5.4-27
- rebuild for #1029360

* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 5.4-26
- Mass rebuild 2013-12-27

* Thu Oct 03 2013 Jan Kaluza <jkaluza@redhat.com> - 5.4-25
- don't fail with error 500 when ticket is expired and Authorization header is
  provided by client (#982521)

* Tue Jun 04 2013 Jan Kaluza <jkaluza@redhat.com> - 5.4-24
- don't truncate translated names with KrbLocalUserMapping

* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.4-23
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Thu Nov 15 2012 Joe Orton <jorton@redhat.com> - 5.4-22
- clarify licensing; clean up spec file

* Tue Nov 13 2012 Joe Orton <jorton@redhat.com> - 5.4-21
- fix httpd_mmn stderr filter (thanks rcollet)

* Tue Nov 13 2012 Joe Orton <jorton@redhat.com> - 5.4-20
- hide stderr if finding httpd_mmn 
- package LICENSE
- filter DSO auto provides

* Wed Aug  8 2012 Joe Orton <jorton@redhat.com> - 5.4-19
- add Requires(pre) for httpd to ensure apache uid exists at install time

* Wed Aug  8 2012 Joe Orton <jorton@redhat.com> - 5.4-18
- move ccache to /run/httpd/ccache

* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.4-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Wed Jun 13 2012 Joe Orton <jorton@redhat.com> - 5.4-16
- hard-code use of /run/user/apache for cache dir
- package /run/user/apache
- move tmpfiles drop-in to /usr/lib

* Wed Jun 13 2012 Joe Orton <jorton@redhat.com> - 5.4-15
- fix segfault in cache dir fix (#796430)

* Fri May 11 2012 Joe Orton <jorton@redhat.com> - 5.4-14
- add tmpfile drop-in for cred cache (#796430)
- really apply delegation fix

* Tue May  1 2012 Joe Orton <jorton@redhat.com> - 5.4-13
- add delegation fix (Ben Kahn, mgbowman, #687975)

* Tue Mar 27 2012 Joe Orton <jorton@redhat.com> - 5.4-12
- rebuild for httpd 2.4

* Fri Mar  9 2012 Joe Orton <jorton@redhat.com> - 5.4-11
- adapt for 2.4 API

* Thu Mar  1 2012 Rob Crittenden <rcritten@redhat.com> - 5.4-10
- Updated s4u2proxy patch to add missing braces around conditional.

* Tue Jan 31 2012 Rob Crittenden <rcritten@redhat.com> - 5.4-9
- Add support for Constrained Delegation/s4u2proxy (#767740)

* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.4-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.4-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Thu Dec  9 2010 Joe Orton <jorton@redhat.com> - 5.4-6
- fix build (thanks to Mike Bonnet, #599754)

* Fri Aug 07 2009 Parag <paragn@fedoraproject.org> 5.4-5
- Spec cleanup as suggested in review bug #226150

* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

* Thu Dec 11 2008 Joe Orton <jorton@redhat.com> 5.4-2
- update to 5.4

* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 5.3-7
- Autorebuild for GCC 4.3

* Tue Sep 25 2007 Joe Orton <jorton@redhat.com> 5.3-6
- fix configure invocation (#301181)

* Sun Sep  2 2007 Joe Orton <jorton@redhat.com> 5.3-5
- rebuild for fixed 32-bit APR

* Thu Aug 30 2007 Joe Orton <jorton@redhat.com> 5.3-4
- clarify License tag

* Wed Nov 29 2006 Joe Orton <jorton@redhat.com> 5.3-3
- fix r->user caching (Enrico Scholz, #214207)
- update to 5.3 (CVE-2006-5989, #215443)

* Sun Oct 01 2006 Jesse Keating <jkeating@redhat.com> - 5.1-3
- rebuilt for unwind info generation, broken in gcc-4.1.1-21

* Tue Sep 19 2006 Joe Orton <jorton@redhat.com> 5.1-2
- update to 5.1

* Thu Aug  3 2006 Joe Orton <jorton@redhat.com> 5.0-10
- fix segfault at startup (#201145)

* Thu Jul 20 2006 Joe Orton <jorton@redhat.com> 5.0-9
- add Russ Allbery's fix for disabling replay cache with krb15

* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 5.0-8.2.2
- rebuild

* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 5.0-8.2.1
- bump again for double-long bug on ppc(64)

* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 5.0-8.2
- rebuilt for new gcc4.1 snapshot and glibc changes

* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt

* Mon Dec  5 2005 Joe Orton <jorton@redhat.com> 5.0-8
- rebuild for httpd 2.2

* Wed Sep 21 2005 Joe Orton <jorton@redhat.com> 5.0-7
- fix build without /usr/sbin in $PATH (Roozbeh Pournader, #168212)

* Tue May 10 2005 Joe Orton <jorton@redhat.com> 5.0-6
- update to 5.0rc6
- don't force CC=gcc4

* Fri Mar  4 2005 Joe Orton <jorton@redhat.com> 5.0-3
- fix build with GCC 4
- only add "auth_kerb_module" symbol to dynamic symbol table

* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Thu Apr  8 2004 Joe Orton <jorton@redhat.com> 5.0-0.rc4.5
- remove static globals
- add SSLRequireSSL

* Mon Mar 29 2004 Joe Orton <jorton@redhat.com> 5.0-0.rc4.3
- support mutual authentication (Nalin Dahyabhai)
- once authentication returns COMPLETE, cache name for the duration
  of the connection

* Thu Mar 25 2004 Joe Orton <jorton@redhat.com> 5.0-0.rc4.2
- add example config file

* Wed Mar 24 2004 Joe Orton <jorton@redhat.com> 5.0-0.rc4.1
- update to mod_auth_kerb.c from HEAD to get workaround for
  "Request is a replay" errors

* Tue Mar 23 2004 Joe Orton <jorton@redhat.com> 
- Initial build.

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation